Ben, Can you recommend a good IDS for monitoring?
Thanks, -Steve -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 10:47 AM To: NT 2000 Discussions Subject: Re: Block IM ??? On Wed, 3 Sep 2003, at 10:35am, [EMAIL PROTECTED] wrote: > I know this isn't a security list but I was wandering if your company > blocks (or tries to block) Instant Messaging. I wear many hats and one of > them is a security hat. What does your company do? You need two things: Policy and enforcement. One without the other is useless. For policy: Have management create a formal, written policy forbidding the use of IM software. Make sure the policy includes notice that violators will be subject to disciplinary action, up to and including termination. For enforcement, you have multiple options. The one I like best is to use an IDS to monitor for known IM traffic signatures. That way, you can easily identify violators and drop the hammer on them. If you try to lock down all the "easy" IM access methods, you only make detection harder. Better to make it easy and catch the violators in the act. Some other possibilities: - Block TCP and UDP port numbers known to be used by various IM clients. - Block IP addresses known to be used as servers by various IM clients. - Use an HTTP proxy server. Configure it to block the CONNECT method. Block connections that do not go through the proxy server. - Lock down workstations to prevent unauthorized software (like IM clients) from being installed. - Use Group Policy to disable Microsoft MSN Messenger. -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&lang=english To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED]
